Meta

Archive for the ‘Network Protocols’ Category

I was recently asked by the GSMA to undertake an independent study looking at the security of various LPWA (Low-Power Wide-Area) network technologies. I took on the project because I find it a very interesting topic; these types of network are targeted at IoT (Internet-of-Things) devices, an area I have been working on over the last couple of years with IoTUK and the IoT Security Foundation. One of the main challenges of the IoT space is in making trade-offs to accommodate low-power and low-cost devices, and security is one of the things that might be traded off.

I can’t let Karsten Nohl‘s presentation at 26C3 go without comment. To be clear, he was only talking about weaknesses that were already known (so headlines like “Secret mobile phone codes cracked” are at best misleading) but his purpose was to demonstrate that those theoretically known attacks are now practical. His point is a very valid one, and holds for most (all?) cryptographic algorithms: researchers will discover more efficient attack techniques, and technology will evolve to make such attacks practical, so you’d better design your cryptographic protocols so you can switch to different algorithms if and when the future need arises.* Happily this is the case for the GSM protocols, and all (!) that is needed is for the phone manufacturers and network operators to deploy the A5/3 algorithm and we can all go about our business.

The Femtocells World Summit is in London this week; I haven’t attended, but I have seen articles about it that have me wondering whether there are interesting security issues emerging.

First, what’s a femtocell? Essentially, it’s a short-range, miniaturised version of a mobile phone mast. However, instead of being directly plumbed in to the phone network, calls made through a femtocell are routed over broadband Internet connections so they can be used in areas where the normal phone network coverage is poor or non-existent.